CVE-2023-2280

Name of the Vulnerable Software and Affected Versions WP Directory Kit plugin for WordPress versions up to, and including, 1.2.2

Description The issue allows unauthorized modification and loss of data due to a missing capability check on the ajax public function. This enables unauthenticated attackers to delete or change plugin settings, import demo data, delete related posts and terms, and install arbitrary plugins.

Recommendations For versions up to, and including, 1.2.2, update to version 1.2.3 to fully resolve the issue. As a temporary workaround, consider disabling the ajax public function until a patch is available.